From ekarkkai@pp.htv.fi  Wed Mar 16 18:38:21 2005
Return-Path: <ekarkkai@pp.htv.fi>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5070416A4CE; Wed, 16 Mar 2005 18:38:21 +0000 (GMT)
Received: from smtp3.pp.htv.fi (smtp3.pp.htv.fi [213.243.153.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 247BD43D2F; Wed, 16 Mar 2005 18:38:20 +0000 (GMT)
	(envelope-from ekarkkai@pp.htv.fi)
Received: from thunderbolt.my.domain (cs78133185.pp.htv.fi [62.78.133.185])
	by smtp3.pp.htv.fi (Postfix) with ESMTP id A06DD27AC2E;
	Wed, 16 Mar 2005 20:38:18 +0200 (EET)
Received: from thunderbolt.my.domain (localhost [127.0.0.1])
	by thunderbolt.my.domain (8.13.1/8.13.1) with ESMTP id j2GIcIOj015345;
	Wed, 16 Mar 2005 20:38:18 +0200 (EET)
	(envelope-from ejk@thunderbolt.my.domain)
Received: (from ejk@localhost)
	by thunderbolt.my.domain (8.13.1/8.13.1/Submit) id j2GIcH2Y015344;
	Wed, 16 Mar 2005 20:38:17 +0200 (EET)
	(envelope-from ejk)
Message-Id: <200503161838.j2GIcH2Y015344@thunderbolt.my.domain>
Date: Wed, 16 Mar 2005 20:38:17 +0200 (EET)
From: Esa Karkkainen <ejk@iki.fi>
Reply-To: Esa Karkkainen <ejk@iki.fi>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Esa Karkkainen <ejk@iki.fi>, ahze@freebsd.org
Subject: Security update port: audio/grip from grip-3.2.0_6 to grip-3.2.0_7
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         78928
>Category:       ports
>Synopsis:       Security update port: audio/grip from grip-3.2.0_6 to grip-3.2.0_7
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 16 18:40:02 GMT 2005
>Closed-Date:    Thu Mar 17 07:41:42 GMT 2005
>Last-Modified:  Thu Mar 17 07:41:42 GMT 2005
>Originator:     Esa Karkkainen
>Release:        FreeBSD 5.3-RELEASE-p5 i386
>Organization:
Is in state of disintegration
>Environment:

System: FreeBSD 5.3-RELEASE-p5 #40: Sat Mar 12 16:44:21 EET 2005
Ports tree cvsupped at Mar 16 18:44:30 EET 2005

>Description:

Fix to CDDB response multiple matches buffer overflow vulnerability.

Information on what to fix was obtained from

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/grip-3.2.0-3.fc2.src.rpm

grip.834724.patch

>How-To-Repeat:

# cd /usr/ports/audio/grip && make all
===> The default CDROM device is /dev/acd0
===> Define WITH_CDROM_DEVICE if you want to change the default
===> For example, 'make WITH_CDROM_DEVICE="/dev/somedevice"'
===>  grip-3.2.0_6 has known vulnerabilities:
=> grip -- CDDB response multiple matches buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/bcf27002-94c3-11d9-a9e0-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/audio/grip.

>Fix:

Please note that a new file "files/patch-src::discdb" will be created
when applying the following patch.

diff -ruN /usr/ports/audio/grip/Makefile grip/Makefile
--- /usr/ports/audio/grip/Makefile	Sat Mar 12 18:07:56 2005
+++ grip/Makefile	Wed Mar 16 19:14:13 2005
@@ -7,7 +7,7 @@
 
 PORTNAME=	grip
 PORTVERSION=	3.2.0
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	audio
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE_EXTENDED}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff -ruN /usr/ports/audio/grip/files/patch-src::discdb grip/files/patch-src::discdb
--- /usr/ports/audio/grip/files/patch-src::discdb	Thu Jan  1 02:00:00 1970
+++ grip/files/patch-src::discdb	Wed Mar 16 19:13:02 2005
@@ -0,0 +1,20 @@
+--- src/discdb.c.orig	Thu Apr 15 21:23:37 2004
++++ src/discdb.c	Wed Mar 16 19:02:09 2005
+@@ -311,7 +311,7 @@
+     query->query_match=MATCH_EXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+ 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       
+@@ -331,7 +331,7 @@
+     query->query_match=MATCH_INEXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+ 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       
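Review bot: In both rewritten while conditions in src/discdb.c, the new bound only protects the write to query->query_list[query->query_matches] if query_list is declared with at least MAX_INEXACT_MATCHES entries, and that declaration is not visible in this patch; please confirm it against the struct definition. Because the bound is tested before DiscDBReadLine(&dataptr) is called, the loop exits without reading the remaining response lines once the cap is reached, so extra matches are dropped silently; a debug message at that point would make the truncation visible. The unchanged context line passes the result of strtok(inbuffer," ") straight to g_strstrip, so a response line with no token would hand it NULL; that is worth a follow-up check. Minor: the new file is named patch-src::discdb although it patches src/discdb.c.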
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed  
State-Changed-By: ahze 
State-Changed-When: Thu Mar 17 07:41:32 GMT 2005 
State-Changed-Why:  
Committed, Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=78928 
>Unformatted:
